Hello Chris,

On Mon, 20 Mar 2017, Chris Lamb wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of git:
> https://security-tracker.debian.org/tracker/source-package/git
>
> Would you like to take care of this yourself?

Did you check whether the package was affected?

I tried to check out https://github.com/njhartwell/pw3nage while having
bash-completion loaded and with a PS1 containing $(__git_ps1 2>/dev/null)
or $(__git_ps1 " (%s)") and was unable to get any code execution.

I'm not sure when the vulnerability was introduced but it looks
like 1.7.10.4-1+wheezy3 is not affected, at least when using bash.
Can someone else double-check?

For zsh, I'm not sure either. I tried to run it and to set PS1 as
documented:
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '
But here the $(...) part is not even replaced.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/